Dancing with Wolves: Towards Practical Event-driven VMM Monitoring

Published: 08 April 2017

Abstract

This paper presents a novel framework that enables practical event-driven monitoring of untrusted virtual machine monitors (VMMs) in cloud computing. Unlike previous approaches to VMM monitoring, our framework neither relies on a higher privilege level nor requires any special hardware support. Instead, we place the trusted monitor at the same privilege level and in the same address space as the untrusted VMM to achieve superior efficiency, while proposing a unique mutual-protection mechanism to ensure the integrity of the monitor. Our security analysis demonstrates that the framework provides high assurance for event-driven VMM monitoring even if the highest-privilege VMM is fully compromised. The experimental results show that the framework incurs only trivial performance overhead for enforcing event-driven monitoring policies, a substantial performance improvement over previous approaches.


Published in

ACM SIGPLAN Notices, Volume 52, Issue 7
VEE '17
July 2017
256 pages
ISSN: 0362-1340
EISSN: 1558-1160
DOI: 10.1145/3140607

VEE '17: Proceedings of the 13th ACM SIGPLAN/SIGOPS International Conference on Virtual Execution Environments
April 2017
261 pages
ISBN: 9781450349482
DOI: 10.1145/3050748

Copyright © 2017 ACM

Publisher: Association for Computing Machinery, New York, NY, United States


Qualifiers

• tutorial
• Research
• Refereed limited
